Lucene search
K

130 matches found

Cvelist
Cvelist
added 5 days ago40 views

CVE-2026-59938 pypdf: Possible large memory usage for wrong image dimensions

pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft a PDF with declared image size values that are much too large compared to the actual data, causing large memory usage in pypdf image parsing. This issue is fixed in version 6.14.0...

6.9CVSS0.00303EPSS
Exploits0References4
CVE
CVE
added 5 days ago9 views

CVE-2026-59938

CVE-2026-59938 affects the Python PDF library pypdf. Before version 6.14.0, an attacker can craft a PDF with image size values declared much larger than actual data, causing large memory usage during pypdf image parsing. Root cause: mismatch between declared image dimensions and image data in the...

6.9CVSS6AI score0.00303EPSS
Exploits0References4Affected Software1
NVD
NVD
added last week6 views

CVE-2026-55380

Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile.open read image dimensions from the GD 2.x header and stored them in self.size without calling Image.decompressionbombcheck, allowing a crafted .gd file to trigger excessive C-heap allocation when loaded. This iss...

7.5CVSS0.00361EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/06/29 12:0 a.m.8 views

RHEL 7 : ImageMagick (RHSA-2026:32961)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:32961 advisory. ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Security Fixe...

9.2CVSS7.4AI score0.01849EPSS
Exploits4References20
EUVD
EUVD
added 2026/06/25 9:52 p.m.10 views

EUVD-2026-36184

ImageMagick: Policy Bypass in DCM decoder could result in image with invalid dimensions...

7.5CVSS5.8AI score0.00346EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/24 6:8 p.m.28 views

CVE-2026-53946 Ghost: Mobiledoc image-size fetch SSRF

Ghost is a Node.js content management system. From 6.19.4 until 6.21.1, when re-rendering posts, Ghost would refetch missing image dimensions by issuing an outbound HTTP request to the URL stored on an image card — without restricting that URL to trusted image hosts. An authenticated staff user...

5.4CVSS0.00122EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.6 views

Astra Linux – Vulnerability in GraphicsMagick

The ReadJXLImage function in the JXL library within GraphicsMagick before version 1.3.46 has no image dimension resource limits...

7.5CVSS6.1AI score0.00413EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.12 views

Amazon Linux 2 : ImageMagick, --advisory ALAS2-2026-3373 (ALAS-2026-3373)

The version of ImageMagick installed on the remote host is prior to 6.9.10.97-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3373 advisory. ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions...

7.5CVSS6.1AI score0.00346EPSS
Exploits0References14
Snyk
Snyk
added 2026/06/10 11:12 p.m.8 views

Allocation of Resources Without Limits or Throttling

Overview Magick.NET-Q8-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

8.7CVSS5.3AI score0.00346EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 11:12 p.m.11 views

Allocation of Resources Without Limits or Throttling

Overview Magick.NET-Q16-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

8.7CVSS5.3AI score0.00346EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 11:12 p.m.10 views

Allocation of Resources Without Limits or Throttling

Overview Magick.NET-Q16-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

8.7CVSS5.3AI score0.00346EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/10 11:12 p.m.6 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to insufficient validation in the DCM decoder. An attacker can cause the application to process images with invalid dimensions, potentially leading to application crashes or denia...

8.7CVSS5.3AI score0.00346EPSS
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/06/09 12:0 a.m.10 views

Synthetic TIFF Corpus Generator for Parser Validation and Boundary Condition Testing

This Python script generates a small corpus of synthetic TIFF-like files designed for validating parser behavior across different image dimension scenarios...

5.5AI score
Exploits0
OSV
OSV
added 2026/05/26 7:31 p.m.13 views

JLSEC-2026-543

OpenJPEG through 2.3.1 has a heap-based buffer overflow in opjt1clbldecodeprocessor in openjp2/t1.c because of lack of opjj2kupdateimagedimensions validation...

7.5CVSS7.1AI score0.04932EPSS
Exploits1References20
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.14 views

PT-2026-47108

OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj t1 clbl decode processor in openjp2/t1.c because of lack of opj j2k update image dimensions validation...

5.8AI score
Exploits0References11
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in openjpeg2

OpenJPEG version 2.3.1 has a heap-based buffer overflow issue in the opjt1clbldecodeprocessor function in openjp2/t1.c, due to the lack of validation for the opjj2kupdateimagedimensions function...

7.5CVSS7.1AI score0.04932EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/05/17 12:0 a.m.15 views

PT-2026-41801

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An out of bounds heap write can occur when reading multiple images with different dimensions. A heap write is a memory corruption issue where data is written...

7.8CVSS5.9AI score0.00441EPSS
Exploits0References132
Snyk
Snyk
added 2026/05/14 9:21 p.m.8 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the jpeg2000input.cpp process when calculating buffer size using signed 32-bit arithmetic. An attacker can trigger a heap overflow by providing crafted image dimensions that cause integer overflow,...

7.8CVSS6AI score0.00173EPSS
Exploits1References2
OSV
OSV
added 2026/05/13 1:42 a.m.10 views

JLSEC-2026-493 JXL in GraphicsMagick before 1.3.46 lacks image dimension resource limits.

ReadJXLImage in JXL in GraphicsMagick before 1.3.46 lacks image dimension resource limits...

4.3CVSS5.8AI score0.00413EPSS
Exploits0References7
EUVD
EUVD
added 2026/05/04 5:51 p.m.6 views

EUVD-2026-27075

CImg Library is a C++ library for image processing. Prior to commit 4ca26bc, there is an integer overflow vulnerability in the WHD size computation inside loadpnm that can bypass the memory allocation guard. A crafted PNM/PGM/PPM file with large dimension values causes the overflow to wrap around...

6.1CVSS6.1AI score0.00142EPSS
Exploits0References4
Rows per page
Query Builder